New terms of service for PyPI [LWN.net]

By Jake Edge
March 12, 2025

On February 25, the Python Software Foundation (PSF), which runs the Python Package Index (PyPI), announced new terms of service (ToS) for the repository. That has led to some questions about the new ToS, and the process of coming up with them. For one thing, the previous terms of use for the service were shorter and simpler, but there are other concerns with specific wording in the new agreement.

According to the announcement, which was posted by PyPI administrator (and PSF director of infrastructure) Ee Durbin, the new terms will go into effect on March 27. Anyone continuing to use PyPI after that date is implicitly agreeing to the terms. Durbin outlined the history of the terms, going back to the initial opening for uploads in 2005; the terms have been updated twice since, in 2009 and in 2016, they said. In the past, the terms were primarily meant to protect PyPI and the PSF; now the organization has worked with its legal team to create the new terms. They are meant to be compatible with the old, "while adding as permissive a set of new terms as possible to ensure that PyPI users and the PSF are protected".

Another reason for the update is to help enable the Organization accounts feature for PyPI. That feature, which was announced almost two years ago during PyCon in 2023, has languished, in part because of staffing difficulties that likely stem from unanticipated demand. Organizations will be able to apply for special status on PyPI, with their own namespace that can house multiple projects; organizations for community projects would be free, while companies would pay a small fee, with the revenue targeted for PyPI operations and maintenance. The feature is currently in a closed beta and is expected to be rolled out more widely soon.

Questions

A few days after the ToS announcement, Franz Király posted some questions in the PSF category of the Python discussion forum. He wondered whether the PSF was moving PyPI "to a paid subscription model" and if it was "looking to abolish package neutrality on pypi". He pointed to the "Paid Services" section of the new ToS and highlighted some of the text from the "PSF May Terminate" clause:

PSF has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. PSF reserves the right to refuse service to anyone for any reason at any time.

To him, those changes might indicate the PSF is fundamentally changing course with PyPI. Beyond that, though, he suggested that there should have been some discussion with the community ahead of making a change of this sort. If that kind of discussion did happen, he asked that the PSF leadership say so and "explain where and how the decision has been taken" with a link to any public minutes.

Durbin was quick to reply, trying to keep the thread from "spiraling from FUD to chaos over the weekend". They said that the new ToS came about "to formalize the relationship and protections for maintainers, the pypi admins, and PSF in order to move forward with paid Organization accounts for corporate users". The Organization accounts will be completely optional and only cost money for "paid corporate users"; community projects will be provided the accounts "at no cost, forever" if they want them. On the question of whether the PSF is looking to abolish package neutrality for PyPI, Durbin had a one-word answer: "No".

Antoine Pitrou noted that the termination wording applies more widely than only to Organization accounts. He wondered why it was needed to move forward on the new feature. Király agreed, saying that instead of formalizing protections for the maintainers of PyPI packages, "the paragraph in fact seems to strip maintainers (as well as users) of any and all protections".

Guillaume Lemaitre also wondered about the termination clause, contrasting it with the clause about when the PSF can remove content. The content clause specifically calls out content "that, in our sole discretion, violates any laws or PSF terms or policies" for removal. Brett Cannon suggested that the likely reason for the broad termination clause is that the lawyers for the PSF, which is a US non-profit, "require it to be this broad to protect the PSF from lawsuits".

Cannon also did not think it made any real change to what the PSF can do under the existing terms. Király strongly disagreed with that interpretation, saying that the absence of a termination clause in the old terms would actually provide some level of protection to users and developers, because it would fall back to the norms and precedents from court cases in the US. Cannon argued that both he and Király were speculating and suggested contacting the email address specified in the new ToS. Király did so on March 2; as of March 8, there had not yet been any reply to the email.

Procedures

Meanwhile, there were some procedural questions that Király and others raised in the thread, which he gathered up with the hope that the PSF board could address them. He wondered when the decision was made to switch to a new ToS, if there were minutes from the meeting where that happened or was discussed, whether the membership of the PSF was consulted, and so on. Pitrou noted that, as a PSF member, he could confirm that there was no consultation of the members on the change to the PyPI terms.

A few others had views similar to Cannon's that the new terms did not really change anything of note. Both William Woodruff and Marc-André Lemburg had that take, with the latter noting that "getting some more community feedback upfront would probably have helped" with the reception of the new terms. Paul Moore agreed as well:

My personal view is that PyPI have always been free to do pretty much what they choose - that's the nature of a free service (you pay nothing, so you can expect nothing). These new T&Cs basically set the expectations for paying customers to be the same, just using legal terms that will make sense to such customers.
[...] Getting that email out of the blue was a bit of a shock. And I'm closely involved with the packaging community, so I would have expected to have had at least some indication that this was on its way.
Frankly, I hope that at least some of the funds PyPI get from the new paid features will be invested in improving their community involvement and consultation. I don't know to what extent the PyPI admins currently expect this to be coming from the PSF, but if they do, then it's not working very well :(

Moore noted that he did have some concerns about the new paid Organization feature for PyPI, mostly around the likelihood of prioritizing features for the "paying customers" over those of the regular, community "customers", but those were not connected to the changes to the terms. In a reply to Woodruff, Király outlined some of the possible conflicts that could come from the new terms:

Terms up until now: PSF can terminate in case of wrongdoing ("policy violation") or for other clearly stated "good reason". E.g., if you upload a virus package, violate someone's trademark, typosquat, etc.
Terms from March: PSF can terminate for any reason, including what most people might consider "bad reasons". E.g., for the purpose of illustration and without implying any intent here: selling a coveted project name on pypi to the highest bidder. Or, resolving name conflicts always in favour of a US entity. Or shutting down projects from a country the US is in a trade war with.

Of those commenting in the discussion, only Pitrou seemed to share some of Király's concerns: "the fact that they are now being bluntly explicit in their 'we do what we want' policy is certainly cause for concern". The other commenters largely agreed that there was no actual change to what the PSF can and cannot do.

Response

PSF Executive Director Deb Nicholson posted answers to some of the questions raised in the thread and perhaps as a response to Király's email; she also agreed that there was no real material change in the powers, just in the wording. "It is an explicit statement of our existing authority, as we understand it and as it has been applied in practice." The actual terms were based on the GitHub Terms of Service and that the "with or without cause" and "for any reason at any time" language are seen as standard for services similar to PyPI. That wording is needed to allow PyPI staff to quickly respond to new types of abuse, she said. The idea to generate revenue for PyPI by offering paid accounts, which is what the Organization feature is, came from the PSF board, with discussions on that stretching back to 2020; the ToS updates were done by PSF staff in conjunction with the foundation's lawyer.

As might be guessed, Király had some follow-up questions with regard to the termination clause. There was more back and forth between Király and others about the specifics, where Király tried to respond to most posts. That hearkened back to a somewhat similar "discussion" from last year, which led to a three-month suspension for Tim Peters. As with that one, the responses are polite and on-topic, but the volume and somewhat repetitive nature of them leads to complaints. The parallels were not lost on Peters, who had some thoughts:

I advise you not to reply to messages from those who cannot answer your specific questions. People overwhelmingly don't want "a discussion" about potentially unpleasant foundational issues. and routinely assume bad faith and ill intent on the part of those who raise them. They can't be dissuaded, and trying only makes it worse.
You'll get forthright answers from those who know, or you won't. Nobody else matters here.

Király was surprised to hear that such discussions are not welcome; he was worried that it implied a kind of "groupthink" within the Python community, though he did not believe that was the case. Moore had a level-headed response that suggested the underlying problem may be that the format of a text-based forum does not lend itself to those kinds of discussions:

I think it's more a case that a lot of people have found that discussions about such potentially unpleasant foundational issues tend to be both unproductive and emotionally draining, and simply aren't worth getting into. The topics themselves are worth discussing, but it doesn't seem that this environment (for whatever reason) is the right way of doing so. You could say that it's because this environment is "unpleasant" and "toxic", but I think that's unfair, and potentially contributes to the sort of atmosphere we'd like to avoid. Rather, it's just that people have divergent views, and a text-based online forum isn't the best place for nuance and expressing willingness to discuss while remaining strongly opposed to another person's views.

That was the final word on the subject, as one of the forum moderators, David Lord, closed the thread due to multiple posts that had been flagged and because, he said, the thread was no longer going in a "productive, on-topic direction". It is unfortunate that discussions of this nature so often meet that fate, but moderation within communities is certainly hard. There are still some unanswered questions at this point—reasonable questions, at least in the eyes of some—and it is unclear if the answers will ever come to light.

Over the decades, PyPI has gone from being the CheeseShop—a whimsical Monty Python reference—in the beginning, to soon becoming a much more serious repository with actual paying customers. It is, however, fundamentally a community resource and it is not surprising that some in the community feel a certain level of ownership based on their contributions. Nearly all of the work that has gone into PyPI has been done by unpaid volunteers; the vast majority of the packages stored there come from unpaid community members as well. It may well feel like something of a slap in the face to be told that they can be denied access for any reason, without any recourse. Maybe that was always true, but seeing it in black-and-white terms can be, not surprisingly, somewhat difficult.

While the PSF clearly holds title to PyPI, it would be not much of a cheese shop without those countless contributions. It behooves the organization to remember that and to try to find ways to communicate changes of this nature so that the community is not surprised by them a month before they go into effect. Better still would be to find ways to include the community in the process, so that those who helped make PyPI what it is today feel that they have a voice.

Index entries for this article
Python	Community
Python	Packaging

to post comments

The value of PyPI is more than just the packages

Posted Mar 13, 2025 10:43 UTC (Thu) by kpfleming (subscriber, #23250) [Link]

> Nearly all of the work that has gone into PyPI has been done by unpaid volunteers; the vast majority of the packages stored there come from unpaid community members as well

While this is certainly true, it glosses over the fact that *operating* PyPI is incredibly expensive and is not done by volunteers or community members. There is tremendous value in the collection of Python packages present on PyPI, but there is also tremendous value in the existence of a central, well-known, repository where Python packages can be found.

This sort of discussion has happened before, when other major package repositories underwent ownership changes or policy changes; in every case it's been said that package publishers and consumers are free to use any repository they wish, but that the community itself finds value in having a single place to publish and consume packages - that comes at a cost.

They weren't already doing that?

Posted Mar 13, 2025 21:46 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (2 responses)

> PSF has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. PSF reserves the right to refuse service to anyone for any reason at any time.

I'm honestly pretty shocked to learn they didn't already have a sentence like this in their ToS to begin with. It is impractical to promise otherwise, especially for a free service. You need the ability to cut off spammers and other folks who are misusing the system, without having to worry about what a bunch of lawyers are going to think of it.

It is *helpful* to give some examples of the general kinds of things that are likely to get someone's account terminated (e.g. "no distributing malware or [list of various other problematic things]," which I'm sure is also in there somewhere), but it's not wise to promise that such a list is exhaustive. People are always coming up with ingenious new ways of abusing things, and you don't want to be stuck trying to figure out whether your existing terms cover some new attack vector. Yes, you can write a catch-all "if you cause problems for the service" clause, but that's so broad that it's hardly any better than writing "for any reason at any time," and the latter is more bulletproof if you do get sued.

They weren't already doing that?

Posted Mar 14, 2025 4:02 UTC (Fri) by raven667 (guest, #5198) [Link]

I agree that understanding this up front as a platform owner and making it clear to everyone else saves misunderstanding, angst and embarrassment in the long run, but I think well meaning people are conditioned to be a little more accommodating than they should be and sometimes shy away from the responsibility of making their own judgements (which could be wrong!) by hiding behind a thick rulebook, leaving them open to bad actors willing to game the system. Make the judgement call and as a consequence be judged by the community and it will all find balance.

They weren't already doing that?

Posted Mar 14, 2025 9:59 UTC (Fri) by chris_se (subscriber, #99706) [Link]

I agree with you, and I totally don't get the drama about this at all.

A clause in the ToS that they can remove access to who they want is completely reasonable, because it's a purely legal statement. I view that as similar as all those disclaimers of warranty in software licenses - they state that users of free software are completely on their own legally. But there still is the social expectation of a well-run free software project that it's reasonable to at least report bugs to the project - and most projects are interested in fixing bugs at least in general, even though they may not do so for specific bugs due to technical, "man"power, or other constraints. (Or at least not immediately.) And I don't see people arguing for "write in your free software license that the author must fix bugs", even though projects fixing reported bugs is generally a social expectation. Worst case, because it's free software, if a project does stagnate, it will always be possible to fork it and do it better.

There is a social consensus that PyPI is open to reasonable contributions, and should the PSF ever do something that violates that consensus, and aren't willing to reconsider, then people will create alternatives to PyPI.

But being outraged that people in the PSF don't want to be responsible for monetary damages, and don't want to have to spend resources to have to fight bad actors with a lot of time on their hands in court, isn't very productive in my opinion. I view the clause more of a "the legal system is not fit for the purpose of handling these specific kinds of disputes, and since we are putting in the money for hosting all this stuff for free, we want to be legally safe".

This reminds me ...

Posted Mar 14, 2025 0:49 UTC (Fri) by JoeBuck (subscriber, #2330) [Link] (2 responses)

... of our discussion when we formulating the rules for egcs. When could we ban someone from the community? Should we be able to? Should we have a specific set of rules, or just require a supermajority of the steering committee? We would up deciding that anyone can be banned by a 3/4 vote from the steering committee. When a few people complained, I replied that we didn't want to be stuck if someone found a new and creative way to cause damage.

It turns out that we only ever banned one person (in the time that egcs was independent, before it was re-merged with FSF gcc). The reason was that after his patches were repeatedly declined, he started threatening the release manager, in private mail, up to and including "I know where you live". Those who only saw his behavior on-list might find him annoying and argumentative but not much worse than some others. Fortunately after he was banned, he appeared to back off, so as far as I know law enforcement was never involved.

So yes, I can see why PSF may feel that they need to reserve the right to do what's needed for self-preservation.

This reminds me ...

Posted Mar 19, 2025 10:42 UTC (Wed) by ballombe (subscriber, #9523) [Link] (1 responses)

Yes.

On the other hand, I would argue that the stake are much higher. Being banned from Pip can have real life consequence. I would not like to invest in a language where I can be banned from the de facto canonical archive, and where there are strong expectation of software being available there.
That is the contradiction : one set up an archive with the stated purpose that everything will be available there,
and then suddenly there is an "except".

One feature of free software is that we avoid having power over other people, because they can just fork or ignore us.
Centralization effort like canonical package archive create power structures that are dangerous.
Centralization is a costly convenience.

This reminds me ...

Posted Mar 19, 2025 12:59 UTC (Wed) by paulj (subscriber, #341) [Link]

Would I be correct in thinking you could be banned from Pip simply cause of things outside of your control - like where you were born and live?

Difficult balance and alternatives

Posted Mar 20, 2025 16:26 UTC (Thu) by GNUtoo (guest, #61279) [Link] (1 responses)

One of the issue with rules is that the more precise they are, the more they increase false positive (people that found ways to respect the rule by the letter while managing to do things that the rules were meant to forbid) and negative (people doing things that are meant to be OK but forbidden by the rules), and the more lax they are, the more they are subject to interpretations by the people who are charged to enforce the rules, and so their application can depend on the people doing the enforcement at a given time.

Here it seems to be lax enough to allow to take a lot of context into account, and there are examples as well, which helps a lot to clarify things. So we seem to have some good balance here.

Note that I didn't register yet to pypi so I'm not sure exactly what service it provide, but I read the new terms of services to understand if it was worth applying on behalf of a project I ended up co-maintaining.

In (from https://policies.python.org/pypi.org/Acceptable-Use-Policy/) we have:

> Posting text, imagery, or audio content glorifying or containing a graphic depiction of violence toward oneself, another individual, group, or animal

Does that means that many free software games are out of the scope of pypi? Are games that have the issue mentioned above typically referenced somewhere else, or not care about pypi?

In my case the package I co-maintain is not a game, so it doesn't fall into that (it's an application that interacts with an online service). I also don't know if this part is a good or bad thing, so I've no objections to it.

Another question is if it is possible to avoid pypi completely and/or how hard it is to setup another compatible repository. The use case would be to have only 100% free packages hosted/referenced.

pip install can at least refer to specific URL like with 'pip install git+https://some-forge/project-group/project', and PEP 508 allows some URLs, but I guess that at some point in the dependency chain, it will depend on packages that take their dependencies from pypi. And making sure to always have the latest revision of a dependency probably increase the amount of work.

So are there people that managed to self-host compatible repositories and somehow modify or configure pip to point to them? Or are there ways to somehow filter packages/dependencies on the license?

Difficult balance and alternatives

Posted Mar 21, 2025 9:12 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

> So are there people that managed to self-host compatible repositories and somehow modify or configure pip to point to them?

One can host wheels with a static HTTP server, so yes. Additionally, forges may provide PyPI-compatible registries for your packages as well (e.g., at least GitHub and GitLab do so for Python).

Some context

Posted Apr 3, 2025 19:43 UTC (Thu) by zahlman (guest, #175387) [Link]

Since I'm catching up on LWN a bit today, I thought I'd post a few random things I know about the situation that others might find relevant:

1. Kiraly is no stranger to the politics of the open-source world. He leads the "sktime" project (something to do with analyzing time-series data with scikit-learn in Python), which apparently had to deal with a hostile fork; and in the fallout, he ended up facing Code of Conduct charges filed with NumFOCUS (a nonprofit that supports a lot of scientific-Python OSS development, including Numpy, Pandas, Matplotlib, Jupyter etc. as well as the Julia language and many other things). It comes across to me that his mode of communication in that thread is typical. Personally I think the community is better off for having people willing to levy such criticism, even when it turns out to be misguided or irrelevant.

2. Paul Moore, in my experience, has a gift for understatement and humility. His "close involvement with the packaging community", for the record, is mainly that he is a major contributor to / maintainer of Pip.

3. PyPI, per the PSF's reporting, serves on the order of 600 petabytes of data per year, graciously handled by an in-kind donation from Fastly. If assessed at 2 cents per gigabyte (the going bulk retail rate from CDNs like AWS, the last time I checked) this would amount to a few times the PSF's entire operating budget. It's not at all a small concern, and I would agree it's a good thing that the volunteers maintaining it can have this much sovereignty. But I think we would be much better off if someone could find the resources to staff it properly, and if we could reduce that download burden.

(A lot of things could help: offering slimmed-down distributions for major packages like NumPy, e.g. by allowing tests and documentation to be omitted or making the functionality more modular; enabling better compression methods and writing the standards language to get installers and build systems to work with that; making it easier to set up local private indexes; teaching workflows that don't redundantly download many copies of Pip and Setuptools; figuring out if/why Pip's cachings is being defeated in that regard....)